Attorney Docket No. CA1469 

AMENDMENT UNDER 37 C.F.R. §1.111 
U.S. Application No. 09/996,308 

AMENDMENTS TO THE CLAIMS 

This listing of claims will replace all prior versions and listings of claims in the 

application: 

LISTING OF CLAIMS: 

1 . {Currently Amended) A storage apparatus, comprising: 

a processor; 
a memory; 

at least one storage device operable to provide storage resources for storing user data over 
a network to at least one network entity and comprising a plurality of nt least on e virtual 
volumes; 

a storage controller, coupled to the at least one storage device; 

a network interface connectable to the virtual local area network (VLAN) switch; 

wherein the processor is at least intermittently coupled to the memory, the storage 
controller and the network interface; 

wherein the memory comprises configuration information including information on at 
least one group, information on mapping of a plurality of a correspondence between at least one 
segments of a virtual local area network (VLAN) connectable by the network interface to the at 
least one group and information on mapping of the plurality of the at least one virtual volumes of 
the at least one storage device to the at least one group ; 

wherein the processor, the memory, the storage controller and the network interface are 
operable to control the virtual local area network (VLAN) switch to map the plurality of 
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segments at least one segment to the at least one group and the plurality of at least one virtual 
volume s to the at least one group based upon the configuration information; and 

wherein at least one of the processor or the network interface control access to the 
plurality of at least one virtual volumes based upon the configuration information such that a 
specific network entity associated with at least one of the plurality of segments a specific 
segment of the virtual local area network (VLAN) is allowed to access the plurality of virtual 
volumes within the at least one group only a specific virtual volume associatod with the specific 
segment of the virtual local area network (VLAN) . 

2. (Original) The apparatus of claim 1, 

further comprising an out of band management interface connectable to a second 
network. 

3. (Original) The apparatus of claim 1, 

wherein the network interface connectable to a virtual local area network (VLAN) switch 
comprises an interface to a VLAN trunk line. 

4. (Original) The apparatus of claim 3, 

wherein information carried by the VLAN trunk line is identified using an embedded tag. 

5. (Previously Presented) The apparatus of claim 1, 
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wherein the network interface cormectable to a virtual local area network (VLAN) switch 

comprises an interface to a VLAN switch, the VLAN switch connectible to at least one host 

computer via at least one VLAN access link. 

6. {Previously Presented) The apparatus of claim 5, 

wherein information carried by the at least one VLAN access link comprises untagged 

frames. 

7. {Previously Presented) The apparatus of claim 6, 

wherein information carried by the at least one VLAN access link is identified using a 
VLAN Identifier of a receiving port. 

8. {Previously Presented) The apparatus of claim 6, 

wherein information carried by the at least one VLAN access link is identified using a 
Media Access Control (MAC) address. 

9. {Original) The apparatus of claim 6, 
wherein an untagged frame comprises: 

a preamble field; 
a source MAC field; 
a destination MAC field; 
a type field; 
a data field; and 
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a CRC field. 

10. {Currently Amended) A method, comprising: 

separating logically a local area network into a plurality of virtual local area networks, 
including a first virtual local area network and a second virtual local area network; 

separating logically a storage device operable to provide storage resources for storing 
user data over the local area network to at least one network entity into a plurality of virtual 
volumes, including a first virtual volume and a second virtual volume; 

establishing at least one group; 

managing a configuration comprising a mapping of the plurality of virtual local area 
networks to the at least one group and a mapping of the first virtual local area network to the first 
virtual volume and the socond virtual local area network to the second plurality of virtual 
volume s to the at least one group ; and 

routing information from a network entity associated with one of the plurality of t he first 
virtual local area networks to the plurality of virtual volumes first virtual volume and the second 
virtual local area network to the second virtual volume and preventing communication from a 
second network entity not associated with the plurality of virtual local area networks to the 
plurality of virtual volumes the first virtual local area network to the second virtual volume and 
from the socond virtual local area network to the first virtual volum e based upon the 
configuration; 

wherein the managing, routing and preventing is performed by the storage device. 
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1 1 . {Original) The method of claim 10, 
further comprising at least one of: 

configuring network parameters; 
configuring a new file system; 
configuring a designated file system; and 
deleting a designated file system. 

12. (Original) The method of claim 10, 
further comprising at least one of: 

updating a management interface IP address; 
updating a physical network interface IP address; 
updating a VLAN interface IP address and a VLAN tag; 
deleting a designated VLAN interface; and 
adding a new VLAN interface. 

13. {Original) The method of claim 10, 
further comprising at least one of: 

adding a VLAN to a file system; 
removing a VLAN from the file system; 
adding a volume to the file system; and 
removing a volume from the file system. 

14. {Original) The method of claim 10, 
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further comprising: 

authenticating user authority. 

15. (Currently Amended) A computer program product embodied in a computer- 
readable medium, comprising: 

code for sending and receiving tagged frames to and from a network interface; 

code for managing a file system and providing storage resources for storing user data 
over a network to at least one network entity; 

code for managing a plurality of virtual volumes within the file system; 

code for controlling data transfer between the network interface and a storage controller 
of the file system; 

code for creating at least one group; 

code for managing a configuration comprising a mapping of the plurality of virtual 
volumes to the at least one group and mapping of a plurality of a virtual local area network 
segment s to the at least one group ; 

code for routing information from a network entity associated with at least one of the 
plurality of v irtual local area network segments to the plurality of virtual volumes in the file 
system and preventing communication from at least one other virtual local area network segment 
to the plurality of virtual volumes based upon [[a]] the_configuration; and 

a computer readable storage medium for holding the codes, wherein the managing of the 
configuration, routing and preventing are performed by a storage device hosting the file system. 
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16. (Previously Presented) The computer program product of claim 15, 
further comprising at least one of: 

code for receiving configuration information for the file system; 

code for receiving configuration information for the virtual volume; and 

code for receiving configuration information for the virtual local area network 

segment. 

1 7. (Previously Presented) The computer program product of claim 1 6, 
further comprising at least one of: 

code for updating configuration information for the file system; 

code for updating configuration information for the virtual volume; and 

code for updating configuration information for the virtual local area network 

segment. 

18. (Currently Amended) A network storage apparatus, comprising: 
a means for processing information; 

a means for connecting to a virtual local area network (VLAN) switch; 

wherein the means for processing and the means for connecting to a virtual local area 
network (VLAN) switch are connectable to a storage device operable to provide storage 
resources for storing user data over a network to at least one network entity having a plurality of 
virtual volumes mapped to at least one group and a plurality of segments of at least one virtual 
volume mapped to at least one segment of a virtual local area network (VLAN) mapped to the at 
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least one group, based upon configuration information managed by the processing means, 
thereby enabling communication between a network entity associated with one of the plurality of 
segments of the virtual local area network and the plurality of virtual volumes and p reventing 
communication between another segment of another VLAN and the plurality of virtual volumes 
at least one virtual volume . 

19. {Currently Amended) A storage apparatus, comprising: 
a means for processing information; 

a means for storing data operable to provide storage resources for storing user data 
provided over a network to at least one network entity; 
a means for controlling storing of data; 

a means for connecting to a virtual local area network (VLAN) switch; 

wherein the means for processing, the means for controlling storing of information and 
the means for connecting to a virtual local area network (VLAN) switch map a plurality of 
segments of a at least one segment of a virtual local area network (VLAN) to at least one group 
and map a plurality of virtual volumes at least one virtual volume of the means for storing data to 
the at least one group based upon configuration informatio n, enable communication between a 
network entity associated with one of the plurality of segments of the virtual local area network 
and the plurality of virtual volumes and prevent communication between another segment of 
another VLAN and the plurality of virtual volumes at least one virtual volume . 

20. {Currently Amended) A system, comprising: 
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a storage device operable to provide storage resources for storing user data over a 
network to at least one network entity; 

a virtual local area network (VLAN) switch, coupled to the storage device; and 

a plurality of segments at least one segment coupled to the virtual local area network 
(VLAN) switch via at least one virtual local area network; 

wherein the storage device is operable to map the plurality of segments of the virtual 
local area network at least one segment of the at least one virtual local area network to at least 
one group and map a plurality of virtual volumes virtual volume of the storage device to the at 
least one group, based upon configuration information, and is operable to enable communication 
between a second network entity associated with one of the plurality of segments of the virtual 
local area network and the plurality of virtual volumes p revent another segment of another 
VLAN from communicating with the plurality of virtual volumes at least one virtual volume of 
the storage device. 

2 1 . (Currently Amended) A method of controlling accesses from servers to a 
network storage subsystem, wherein the network storage subsystem is connected to a virtual 
local area network (VLAN) switch via a VLAN switch and receives access requests from the 
servers via the VLAN switch, the method comprising the steps of: 

allocating a plurality of dedicated storage resources for storing user data provided over a 
network to at least one network entity to each of a plurality of VLAN segments, 

receiving a Internet Protocol (IP) packet based access from a server, 
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determining a VLAN segment of the plurality of VLAN segments that the server belongs 
to, based on a VLAN identification in the IP packet, and 

permitting the server to access the plurality of dedicated storage resources allocated to a 
group associated with t he VLAN segment that the server belongs to, and preventing another 
server that does not belong to the plurality of VLAN segments from accessing the plurality of 
dedicated storage resources based on configuration information managed by the network storage 
subsyste m, the configuration information comprising information on at least one group, 
information on mapping of the plurality of VLAN segments to the at least one group and 
information on mapping of the plurality of dedicated storage resources to the at least one group ; 

wherein the determining, permitting and preventing are performed by the network storage 
subsystem. 

22. {Currently Amended) A method, comprising: 
separating a virtual LAN into a plurality of segments; 

managing a mapping of each one of the plurality of segments to a group and mapping of 
a plurality of storage devices operable to provide storage resources for storing user data over a 
network to at least one network entity to the group ; 

assigning a plurality of virtual volumes to the group and assigning a plurality of segments 
to the group at least one virtual volume to each one of the plurality of segments ; and 

controlling access to the plurality of virtual volumes a virtual volume , such that the 

plurality of virtual volumes virtual volum e will communicate only with the plurality of segments 

within the same group a segment to which it is assigned ; wherein the managing and controlling is 
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performed by the storage device. 



23. (New) The storage apparatus of claim 1, wherein the group comprises a file 

system. 

24. (New) The method of claim 10, wherein the group comprises a file system. 

25. (New) The computer program product of claim 15, wherein the group comprises 
a file system. 

26. (New) The network storage apparatus of claim 18, wherein the group comprises a 
file system. 

27. (New) The storage apparatus of claim 19, wherein the group comprises a file 

system. 

28. (New) The system claim 20, wherein the group comprises a file system. 

29. (New) The method of claim 21, wherein the group comprises a file system. 

30. (New) The method of claim 22, wherein the group comprises a file system. 

12 



